Analysis
- max time kernel: 137s
- max time network: 150s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20240522.1-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 29-12-2024 02:19
Behavioral task: behavioral1
- Sample: 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
- Resource: ubuntu2204-amd64-20240522.1-en
General
- Target: 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
- Size: 33KB
- MD5: aab63e2b34877cb76f62b1aaaa786760
- SHA1: 247fbe9563a8d89c38f09acd1fef97b52bfc8f86
- SHA256: 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0
- SHA512: b4d298aca02eed357a0e353c135fe67c30c6f6c12ba29f56358ad3c0944a196296525121f99271624ef3d374b2b53aa9c1dceb677e3e04a006da6c40e4a699af
- SSDEEP: 768:Am5QiX/H16FyxFM9VEmj1qxZGhmPhABw3BKlVlfxMnbcuyD7UiyqI:d5QoVkyxFUVEmjuZGhcRKlVl2nouy8ZT
Malware Config
Extracted
mirai
UNSTABLE
Signatures
- Mirai family
- Contacts a large (195918) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
  File opened for modification | /dev/misc/watchdog | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Writes file to system bin folder (2 IoCs)
  description | ioc | Process
  File opened for modification | /sbin/watchdog | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
  File opened for modification | /bin/watchdog | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
- Changes its process name (1 IoC)
  description | ioc | pid | Process
  Changes the process name, possibly in an attempt to hide itself | a | 1551 | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
description | ioc | Process
File opened for reading | /proc/1080/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1173/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1186/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/868/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1054/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1392/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/630/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1115/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/972/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/413/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/984/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/660/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/779/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/832/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1013/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1161/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/609/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1539/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/679/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1044/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1492/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/750/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/617/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1050/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1107/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1172/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1175/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1200/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1227/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/452/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1540/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/727/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1076/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/409/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/610/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/839/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1058/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1197/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1243/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/588/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/741/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1135/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/self/exe | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1231/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/411/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1221/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1183/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/559/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/665/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/957/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1256/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/429/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/590/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/991/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1033/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1067/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1146/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1283/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/415/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/780/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1085/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/749/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/1306/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf
File opened for reading | /proc/518/cmdline | 57aef1df1475e4e6805afbdf05c7992482384fdae7258988c116e70eb571f9b0.elf